Features
Top Performing Features
Correlation
Correlation of logs and events to pinpoint significant threats
Category average: 8.4
Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 8.5
Event and log normalization/management
Ability to normalize event syntax so that logs can be compared and are machine-understandable
Category average: 8.6
Host and network-based intrusion detection
Ability to detect both endpoint intrusion and network ingress detection
Category average: 8.1
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 8.5
Correlation
Correlation of logs and events to pinpoint significant threats
Category average: 8.4
Event and log normalization/management
Ability to normalize event syntax so that logs can be compared and are machine-understandable
Category average: 8.6
Deployment flexibility
Ability to tune system to maximize threat detection and minimize false positives
Category average: 7.3
Custom dashboards and workspaces
dashboards that can be customized to meet the needs of specific groups
Category average: 8.3
Host and network-based intrusion detection
Ability to detect both endpoint intrusion and network ingress detection
Category average: 8.1